DETAILED ACTION

1. This Action is in response to Amendment filed 7/19/04, which has been fully considered.

2. Amended claims 1-5, 10-12, 18-23, 29-33, 35 and 37 are presented for examination. 

3. Claims 6-9, 13-17, 24-28, 34 and 36 are cancelled by Applicant. 

4. This Action is FINAL. 

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

6. Claims 1-5, 10-12, 18-23, 29-33, 35 and 37 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Abdelnur et al. (US 6,212,640 B1) (hereinafter Abdelnur) in view of Lee
et al. (US 6,167,522). 

7. The Examiner interprets that the "web application server" of claim 1, the "data 
processing system" of claims 18 and 29, the "second server" of claim 19 and the "computer 
readable medium" of claim 37 are equivalent. Moreover, the Examiner interprets that the step
of "validating" in line 13 of claim 1, the step of determining whether a server is a trusted 
server in lines 12-14 of claim 19, and the step of determining whether an expected value is 
present in lines 13-15 of claim 18, lines 7-9 of claim 29 and lines 8-9 of claim 37, are 
equivalent. Therefore, claims 1, 18, 19, 29 and 37 are subject to similar limitations and are
properly rejected under the same grounds.

8. As for claims 1, 18, 19, 29 and 37, Abdelnur teaches a network data processing system 
having a computer program product in a computer readable medium, and a method to be 
implemented on the network data processing system, the network data processing system 
comprising: 

a bus system (Fig. 7; col. 12, lines 28-55, "An embodiment of... and address lines.");
a communications unit connected to the bus system (COMM INT 720, Fig. 7); 
a memory connected to the bus system, wherein the memory includes a set of instructions 
(main memory 715, mass storage 712, Fig. 7); 
a network (Fig. 4); 

a plurality of clients connected to the network (client 430, Fig. 4; Client 430 is 
exemplary. It is understood that clients may be plural. See col. 1, lines 26-34, "In computer 
networks. . . via the Internet."); 

a first security server connected to the network, wherein the first security server receives 
a request from a client to access a resource, performs an authentication process with the 
client, adds information to the request in which the information indicates that the request is 
from a trusted source to form a modified request, and sends the modified request for 
processing (web server 480, Fig. 4; Fig. 6; col. 11, line 47 - col. 12, line 6, "At step
610... access rights."); and

a second server connected to the network, wherein the second server receives the 
modified request from the first security server, presents the modified request to a security 
application, the security application determining whether the first server is a trusted server,
and provides access to the resource in response to a determination that the first server is a 
trusted server (server 460, Fig. 4; col. 11, line 53 - col. 12, line 20, "If application 410. . .false 
credentials."). 

Abdelnur does not specifically disclose the means used by the security application in 
determining whether the first server is a trusted server. Therefore, Abdelnur does not 
specifically disclose presenting a request to a plurality of components in the second server, 
each component respectively corresponding to one of a plurality of security servers, as 
recited in claims 1, 18 and 19. Lee teaches presenting a request to a plurality of components
in a server, each component respectively corresponding to one of a plurality of security 
servers in order to improve network security and performance (col. 3, lines 9-50). It would 
have been obvious to one of ordinary skill in the art to modify Abdelnur by presenting a 
request to a plurality of components in the second server, each component respectively 
corresponding to one of a plurality of security servers, in order to restrict access to network 
resources, as taught by Lee (col. 2, lines 25-31). 

9. As for claim 2, Abdelnur discloses the method of claim 1, wherein the request is a request 
to access data (col. 11, lines 47-52, "At step 610... application, for example.").

10. As for claim 3, Abdelnur discloses the method of claim 1, wherein the first security 
server is a reverse proxy server (web server 480 inherently acts as a reverse proxy server in 
the disclosed embodiment; col. 11, lines 38-42, "Alternatively, if servlet... and server 460.").

11. As for claim 4, Abdelnur discloses the method of claim 1, wherein the information
includes a user identification (col. 12, lines 7-19, "In one or more. . .submitting false 
credentials."). 

12. As for claim 5, Abdelnur discloses the method of claim 1, wherein the information 
includes an identification of the first security server (col. 12, lines 7-19, "In one or 
more... submitting false credentials."). 

13. As for claim 10, Abdelnur discloses the method of claim 6, wherein the user 
identification is a user name and password (col. 9, lines 60-64, "Authentication 
involves. . .between the two."). 

14. As for claim 11, Abdelnur discloses the method of claim 1, wherein the step of validating 
further comprises determining a value of the information is an expected value located in a 
data structure (col. 9, lines 60-64, "Authentication involves... between the two."). 

15. As for claim 12, Abdelnur does not specifically disclose a plurality of interceptors in the 
second server (i.e. web application server). Lee teaches a plurality of interceptors in a server 
for receiving requests (col. 3, lines 9-50). It would have been obvious to one of ordinary 
skill in the art to modify Abdelnur by using a plurality of interceptors in order to restrict 
access to network resources, as taught by Lee (col. 2, lines 25-31). 

16. As for claim 20, Abdelnur does not specifically disclose a second security server 
performing the same functions as the first security server, wherein the second server contains 
a second component corresponding to the second security server for determining different 
security restrictions for the second security server. Lee teaches providing a second security 
server performing the same functions as the first security server, wherein the second server 
contains a second component corresponding to the second security server for determining
different security restrictions for the second security server (Fig. 1, col. 3, lines 9-50). It 
would have been obvious to one of ordinary skill in the art to modify Abdelnur by using a 
second security server performing the same functions as the first security server, wherein the 
second server contains a second component corresponding to the second security server for 
determining different security restrictions for the second security server in order to restrict 
access to network resources, as taught by Lee (col. 2, lines 25-31). 

17. As for claim 21, Abdelnur discloses the network data processing system of claim 19, 
wherein the network is at least one of a local area network, an intranet, an extranet and an 
Internet (col. 1, line 63 - col. 2, line 6, "In modern computing environments... may be
communicated."). 

18. As for claim 22, Abdelnur does not specifically disclose a plurality of interceptors in the 
second server (i.e. web application server). Lee teaches a plurality of interceptors in a server 
for receiving requests (col. 3, lines 9-50). It would have been obvious to one of ordinary 
skill in the art to modify Abdelnur by using a plurality of interceptors for determining that the 
first security server is a trusted server in order to restrict access to network resources, as 
taught by Lee (col. 2, lines 25-31). 

19. As for claim 23, Abdelnur discloses the network data processing system of claim 19, 
wherein the second server receives the request directly from the client (step 510, Fig. 5). 

20. As for claim 30, Abdelnur discloses the data processing system of claim 29, wherein the 
modified request requests access to a resource, the data processing system further 
comprising: 



Application/Control Number: 09/755,351 Page 7

Art Unit: 2154 

second determining means for determining whether a user of the client is authorized to 
access the resource (inherent to server 460, Fig. 4; col. 11, lines 12-22, "Web server 480... to
network 450."; col. 12, lines 7-20, "In one or more... false credentials."); and 

accessing means for accessing the resource using the modified request in response to a 
determination that the user is authorized (col. 11, line 64 - col. 12, line 6, "Once the
request... access rights."). 

21. As for claim 31, Abdelnur discloses the data processing system of claim 29, wherein the
first security server is a reverse proxy server (web server 480 inherently acts as a reverse
proxy server in the disclosed embodiment; col. 11, lines 38-42, "Alternatively, if
servlet... and server 460.").

22. As for claim 32, Abdelnur discloses the data processing system of claim 29, wherein the 
information is an identification of the first security server (col. 9, lines 60-64, 
"Authentication involves. . .between the two."). 

23. As for claim 33, Abdelnur discloses the data processing system of claim 29, wherein the 
information is a user name and password of a user of the client (col. 9, lines 60-64, 
"Authentication involves. . .between the two."). 

24. As for claim 35, Abdelnur discloses the data processing system of claim 29, wherein the 
plurality of determining means includes a set of interceptors that can provide different 
security restrictions to a resource (interceptors are inherent for intercepting the request for 
authentication; col. 11, lines 12-22, "Web server 480. . .to network 450."; col. 12, lines 7-19, 
"In one or more embodiments... submitting false credentials.").

Response to Arguments

Claim Objections 

25. Objections to claims 18, 19, 29 and 37 are hereby withdrawn in view of Amendment. 

112 Claim Rejections

26. The rejections under 35 U.S.C. 112, second paragraph, of claims 5, 6-12, 18, and 29-35 
are hereby withdrawn in view of Amendment. 

102 Claim Rejections 

27. Applicant's arguments with respect to Abdelnur (US 6,212,640 B1) have been considered
but are moot in view of new grounds of rejection. Specifically, Applicant asserts on pg. 15 
of Remarks filed 7/19/04 that Abdelnur fails to teach an application server having "a plurality 
of component" corresponding to "a plurality of security servers." Abdelnur is not relied 
upon to teach this limitation of the claims, as detailed in the rejections under 35 USC 103 (a) 
above. 

103 Claim Rejections 

28. Applicant's arguments found on pgs. 16-17 of the Remarks filed 7/19/04 are moot in 
view of a new grounds of rejection. 

Conclusion 

29. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure: 

US 6,782,294 B2, note Fig. 1 and col. 6, lines 4-13; 

US 6,006,258, note source-based routing to selected network resources; 
US 6,363,478 B1, note abstract;

US 6,701,438 B1, note authentication servlet;

US 6,088,796, note Fig. 1, col. 13;

US 6,363,479 B1, note abstract.

30. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until 
after the end of the THREE-MONTH shortened statutory period, then the shortened statutory 
period will expire on the date the advisory action is mailed, and any extension fee pursuant to 
37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Aaron C Perez-Daple whose telephone number is (703) 305-4897.
The examiner can normally be reached on 9am-5pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, John Follansbee can be reached on (703) 305-8498. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status information
for unpublished applications is available through Private PAIR only. For more information 
about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access 
to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 
(toll-free). 

Aaron Perez-Daple 




